Analysing Password Protocol Security Against Off-line Dictionary Attacks
Corin, Ricardo and Doumen, Jeroen and Etalle, Sandro (2003) Analysing Password Protocol Security Against Off-line Dictionary Attacks. [Report]
| Abstract: | We study the security of password protocols against off-line dictionary attacks. In addition to the standard adversary abilities, we also consider further cryptographic advantages given to the adversary when considering the password protocol being instantiated with particular encryption schemes. We work with the applied pi calculus of Abadi and Fournet, in which the (new) adversary abilities are modelled as equations between terms. As case studies, we analyse the Encrypted Password Transmission (EPT) protocol of Halevi and Krawczyk, and the well-known Encrypted Key Exchange (EKE) of Bellovin and Merritt. Finally, we propose a modification to EKE that prevents a particular attack that arises when ciphertexts are distinguishable from random noise. |
| Item Type: | Report |
| Copyright: | © 2003 CTIT |
| Faculty: | Electrical Engineering, Mathematics and Computer Science (EEMCS) |
| Link to this item: | http://purl.utwente.nl/publications/41397 |
Metis ID: 217660
